AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions and listings of claims in the 
application: 



1. (Currently Amended) A method in a data processing system for validating digital certificates having a server, an Online Certificate Status Protocol (OCSP) responder, a certificate authority, and a certificate database including records associated with digital certificates, comprising: 

receiving, at the OCSP responder, an [deleted: online certificate status protocol] OCSP request associated with a digital certificate generated by the server; 

creating, by the OCSP responder, a Lightweight Directory Access Protocol database query based on the received OCSP request; 

sending, by the OCSP responder, the Lightweight Directory Access Protocol database query to the certificate database to determine whether the digital certificate is valid; [deleted: and] 

receiving, at the OCSP responder, a database query result indicating whether the digital certificate [deleted: is valid] matches a corresponding certificate entry stored in one of the certificate database records; 

determining, by the OCSP responder, the validity of the digital certificate based on the database query result; and 

notifying the server of the determined validity of the digital certificate. 



FINNEGAN HENDERSON FARABOW GARRETT & DUNNER LLP 
1300 I Street, NW 
Washington, DC 20005 
202.408.4000 
Fax 202.408.4400 
www.finnegan.com 



2. (Currently Amended) The method of claim 1, [deleted: further including sending an indication of whether the digital certificate is valid based upon the received database query result] wherein the Lightweight Directory Access Protocol database query includes an instruction to return a selected portion of a database record. 



3. (Currently Amended) The method of claim 1, [deleted: wherein the data processing system has a certificate authority and an associated database, and] wherein the method further comprises: 

sending an indication of a new digital certificate from the certificate authority to the certificate database upon issuance of the new digital certificate; 

receiving, by the certificate database, from the certificate authority, an indication of the new digital certificate; and 

[deleted: storing] creating a certificate database record reflecting an identity of the new digital certificate. 

4. (Currently Amended) The method of claim 1, [deleted: wherein the data processing system has a certificate authority and an associated database, and] wherein the method further comprises: 

sending an indication of a revoked digital certificate from the certificate authority to the certificate database upon revocation of the revoked digital certificate; 

receiving, by the certificate database, from the certificate authority, the indication of revocation of the revoked digital certificate; and 

removing a certificate database record [deleted: of an identity of] associated with the revoked digital certificate from the certificate database. 

5. (Currently Amended) A method in a data processing system for validating digital certificates, the data processing system having a certificate authority and [deleted: an associated] a directory server having a database, the method performed by the directory server comprising: 

receiving, [deleted: by a database,] a Lightweight Directory Access Protocol query based on an online certificate status protocol request indicating a requested digital certificate; 

searching the database for a database record reflecting an identity of the requested digital certificate; and 

returning an indication of the database record when the database record reflecting the requested digital certificate is found to indicate validity of the requested digital certificate, whereby the indication of the database record [deleted: is returned without transmission of a certificate revocation list by the certificate authority] includes meta-data reflecting the validity of the requested digital certificate. 



6. (Currently Amended) The method of claim 5, further comprising [deleted: the step of]: 

sending an indication of a new digital certificate from the certificate authority to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of the new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 



7. (Currently Amended) A method in a data processing system for validating digital certificates without certification revocation lists, comprising: 

receiving, from a server, an online certificate status protocol request associated with a digital certificate; 

creating a database query based on the received request; 

sending the database query to a database to determine whether the digital certificate is valid; [deleted: and] 

receiving a database query result indicating that [deleted: whether] the digital certificate [deleted: is valid] matches an entry in the database; 

providing the database query result to the server that determines that the digital certificate is valid based on the indication of the matching database entry; and 

sending, from the server to a digital certificate requesting entity, an indication that the digital certificate is valid. 



8. (Original) The method of claim 7, wherein the database query is a 
Lightweight Directory Access Protocol database query. 
9. (Currently Amended) A method in a data processing system for validating digital certificates without certification revocation lists, the data processing system having a requesting entity that requests a status of a digital certificate from a remote computing entity, a certificate authority, and [deleted: an associated] a database, the method comprising: 

receiving, by the database, a query based on an online certificate status protocol request indicating a requested digital certificate, wherein the request is generated by the remote computing entity based on a status request received from the requesting entity; 

searching the database for a database record reflecting an identity of the requested digital certificate; [deleted: and] 

returning [deleted: an] a first indication of the database record when the database record reflecting the requested digital certificate is found in the database; and [deleted: to indicate validity of the requested digital certificate] 

returning a second indication of the database record when the database record reflecting the requested digital certificate is not found in the database, 

wherein the remote computing entity determines that the digital certificate is valid when the first indication is returned and determines that the digital certificate is invalid when the second indication is returned; and 

sending, from the remote computing entity to the requesting entity, a third indication reflecting the invalidity or validity of the digital certificate. 

10. (Currently Amended) The method of claim 9, further comprising [deleted: the step of]: 

sending an indication of the new digital certificate from the certificate authority to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of a new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 



1 1 . (Original) The method of claim 9, wherein the received query is a 
Lightweight Directory Access Protocol query. 





12. (Currently Amended) A method in a data processing system for validating digital certificates without certification revocation lists, the data processing system having a client, a server, an OCSP [deleted: a] responder, a certificate authority, and a database storing records of valid digital certificates of the certificate authority [deleted: and a certificate authority], the method comprising: 

[deleted: sending] generating, by the client, a request [deleted: from the client] for a transaction, the request including a digital certificate identifying the client; 

receiving the client request by the server; 

creating, by the server, an online certificate status protocol request based on the associated digital certificate identifying the client; 

sending, by the server, the online certificate status protocol request [deleted: by the server] to the responder; 

receiving, by the OCSP responder, the online certificate status protocol request associated with the digital certificate; 

creating, by the responder, a Lightweight Directory Access Protocol database query based on the received online certificate status protocol request; 

sending, by the responder, the Lightweight Directory Access Protocol database query to the database to determine whether the digital certificate is valid[deleted: , the database storing records of valid certificates of the certificate authority]; 

searching the database for a database record identifying the digital certificate associated with the online certificate status protocol request; 

returning a LDAP database query result indicating whether [deleted: the digital certificate is valid] the database record is stored in the database; [deleted: and] 

sending, by the responder, a validity indication whether the digital certificate is valid based on the query result to the server; and 

sending, by the server to the client, an indication of whether the transaction is authorized based on the validity indication [deleted: receiving the returned LDAP database query result]. 
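The following is an added, runnable simulation of the flow recited in claims 1 through 12 (client, server, OCSP responder, directory database, plus the issuance and revocation maintenance steps); it is illustration written for this listing and is not code from the application or its applicant. The LDAP attribute names (issuerName, serialNumber, subjectName), the in-memory directory standing in for the directory server, the "valid"/"invalid" answer strings and the constructed sample certificate are all assumptions. One point a practitioner will want that the claims do not spell out: the serial number in the OCSP request originates outside the responder, so the responder escapes it (RFC 4515) before splicing it into the LDAP filter.

```python
# Added example (not from the claims document): simulation of the OCSP-to-LDAP
# validation flow. Attribute names, the in-memory directory and the answer
# strings are assumptions made for this example.
import re
from typing import Dict, List, Optional


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value spliced into an LDAP search filter.
    The serial number comes from the OCSP request, so it is never used raw."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def unescape_filter_value(value: str) -> str:
    """Inverse of escape_filter_value, applied by the directory side."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


class OCSPRequest:
    """The issuer/serial pair (CertID) that the LDAP query is built from."""

    def __init__(self, issuer_name: str, serial_number: str) -> None:
        self.issuer_name = issuer_name
        self.serial_number = serial_number


# One equality assertion "(attr=value)" inside a filter; values may hold \xx escapes.
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")


class CertificateDatabase:
    """Directory holding one record per currently valid certificate (assumed schema).
    Records are added on issuance and removed on revocation (claims 3, 4, 6), so a
    missing record means "not valid" without any CRL being transmitted."""

    def __init__(self) -> None:
        self.records: List[Dict[str, str]] = []

    def on_issued(self, issuer: str, serial: str, subject: str) -> None:
        self.records.append({"issuerName": issuer, "serialNumber": serial, "subjectName": subject})

    def on_revoked(self, issuer: str, serial: str) -> None:
        self.records = [r for r in self.records
                        if not (r["issuerName"] == issuer and r["serialNumber"] == serial)]

    def search(self, ldap_filter: str,
               attributes: Optional[List[str]] = None) -> Optional[Dict[str, str]]:
        """Evaluate a conjunctive equality filter "(&(a=v)(b=w))" and return the first
        matching record, projected onto the requested attributes (claim 2's "selected
        portion of a database record")."""
        if not (ldap_filter.startswith("(&") and ldap_filter.endswith(")")):
            raise ValueError("only conjunctive equality filters are supported here")
        wanted = {a: unescape_filter_value(v) for a, v in _ASSERTION.findall(ldap_filter[2:-1])}
        if not wanted:
            raise ValueError("filter contains no assertions")
        for record in self.records:
            if all(record.get(a) == v for a, v in wanted.items()):
                return dict(record) if attributes is None else {a: record[a] for a in attributes if a in record}
        return None


class OCSPResponder:
    """Turns an OCSP request into an LDAP query and decides validity (claims 1, 12)."""

    def __init__(self, database: CertificateDatabase) -> None:
        self.database = database

    def create_query(self, request: OCSPRequest) -> str:
        return "(&(issuerName=%s)(serialNumber=%s))" % (
            escape_filter_value(request.issuer_name), escape_filter_value(request.serial_number))

    def check(self, request: OCSPRequest) -> str:
        # Presence of the record is the whole answer, so only one attribute is requested back.
        result = self.database.search(self.create_query(request), attributes=["serialNumber"])
        return "valid" if result is not None else "invalid"


class Server:
    """Relying party: builds the OCSP request from the client's certificate and
    authorizes the transaction only on a "valid" answer from the responder."""

    def __init__(self, responder: OCSPResponder) -> None:
        self.responder = responder

    def handle_transaction(self, client_request: Dict[str, Dict[str, str]]) -> bool:
        cert = client_request["certificate"]
        return self.responder.check(OCSPRequest(cert["issuer"], cert["serial"])) == "valid"


if __name__ == "__main__":
    db = CertificateDatabase()
    db.on_issued("CN=Example CA", "1A2B", "CN=client1")  # constructed sample certificate
    server = Server(OCSPResponder(db))
    client_req = {"certificate": {"issuer": "CN=Example CA", "serial": "1A2B"}}
    print("authorized after issuance:", server.handle_transaction(client_req))
    db.on_revoked("CN=Example CA", "1A2B")  # CA tells the directory about the revocation
    print("authorized after revocation:", server.handle_transaction(client_req))
```

Because the directory only ever contains currently valid certificates, the responder answers "invalid" both for a revoked certificate and for one it has never seen; a deployment that needs to distinguish "revoked" from "unknown" (as a real OCSP responder does) would have to store that state rather than infer it from absence.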

13. (Currently Amended) A data processing system for answering online certificate status requests without certificate revocation lists, comprising: 

a memory having program instructions; 

a processor configured to execute the program instructions to receive from a server an online certificate status protocol request associated with a digital certificate, create a database query based on the received request, send the Lightweight Directory Access Protocol database query to a database to determine whether the digital certificate is valid, [deleted: and] receive a Lightweight Directory Access Protocol database query result from the database indicating whether the digital certificate matches a corresponding entry stored in [deleted: a database] one of the certificate database records, determining the validity of the digital certificate based on the database query result, and notify the server of the determined validity of the digital certificate [deleted: is valid]. 
14. (Original) A data processing system for answering online certificate status requests without certificate revocation lists, comprising: 

a first computer having: 

a memory having program instructions; 

a processor configured to execute the program instructions to receive an online certificate status protocol request associated with a digital certificate, create a database query based on the received request, send the database query to determine whether the digital certificate is valid, and receive a database query result indicating whether the digital certificate is valid; and 

a second computer representing a directory server having: 

a database storing database records indicating digital certificates; 

a memory having program instructions; 

a processor configured to execute the program instructions to receive, from a certificate authority, an indication of a new digital certificate upon issuance of the new digital certificate, store a database record reflecting an identity of the new digital certificate, receive the database query based on the online certificate status protocol request from the first computer, search the database for a database record reflecting an identity of the requested digital certificate; and return an indication of the database record to the first computer when the database record reflecting the requested digital certificate is found to indicate validity of the requested digital certificate. 

15. (Original) The data processing system of claim 14, wherein the database query is an LDAP query. 
16. (Currently Amended) A data processing system for answering online certificate status requests without certificate revocation lists, comprising: 

a client computer configured to send a request for a transaction, the request including a digital certificate identifying the client; 

a server computer configured to receive the client request, create an online certificate status protocol request based on the associated digital certificate identifying the client, and send the online certificate status protocol request; 

an OCSP responder configured to receive the online certificate status protocol request associated with the digital certificate, create a Lightweight Directory Access Protocol database query based on the received online certificate status protocol request, and send the Lightweight Directory Access Protocol database query [deleted: to a database] to determine whether the digital certificate is valid[deleted: , the database storing records of valid certificates of the certificate authority]; and 

a database storing records of valid certificates of the certificate authority and configured to search for a database record identifying the digital certificate associated with the online certificate status protocol request, return an LDAP database query result indicating whether the digital certificate matches one of the records stored in the database, [deleted: is valid] 

wherein the OCSP responder determines that the digital certificate is valid when it receives an LDAP database query result reflecting that the digital certificate matches one of the database records. 
17. (Currently Amended) A computer-readable medium containing instructions for controlling a data processing system to perform a method for validating digital certificates, the data processing system having a server, an Online Certificate Status Protocol (OCSP) responder, a certificate authority, and a certificate database including records associated with digital certificates, the method comprising the steps of: 

receiving, at the OCSP responder, an [deleted: online certificate status protocol] OCSP request associated with a digital certificate generated by the server; 

creating, by the OCSP responder, a Lightweight Directory Access Protocol database query based on the received OCSP request; 

sending, by the OCSP responder, the Lightweight Directory Access Protocol database query to the certificate database to determine whether the digital certificate is valid; [deleted: and] 

receiving, at the OCSP responder, a database query result indicating whether the digital certificate [deleted: is valid] matches a corresponding certificate entry stored in one of the certificate database records; 

determining, by the OCSP responder, the validity of the digital certificate based on the database query result; and 

notifying the server of the determined validity of the digital certificate. 

18. (Currently Amended) The computer-readable medium of claim 17, wherein [deleted: the method further comprises sending an indication of whether the digital certificate is valid based upon the received database query result] the Lightweight Directory Access Protocol database query includes an instruction to return a selected portion of a database record. 

19. (Currently Amended) The computer-readable medium of claim 17, [deleted: wherein the data processing system has a certificate authority and an associated database, and] wherein the method further comprises: 

sending an indication of a new digital certificate from the certificate authority to 
the database upon issuance of the new digital certificate; 

receiving, by the database, from the certificate authority, an indication of the new 
digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

20. (Currently Amended) The computer-readable medium of claim 17, [deleted: wherein the data processing system has a certificate authority and an associated database, and] wherein the method further comprises: 

sending an indication of a revoked digital certificate from the certificate authority 
to the database upon revocation of the revoked digital certificate; 

receiving, by the database, from the certificate authority, the indication of 
revocation of the revoked digital certificate; and 

removing a database record of an identity of the revoked digital certificate. 
21. (Currently Amended) A computer-readable medium containing instructions for controlling a data processing system to perform a method for validating digital certificates, the data processing system having a certificate authority and a directory server having an associated database, the method performed by the directory server comprising the steps of: 

receiving, [deleted: by a database,] a Lightweight Directory Access Protocol query based on an online certificate status protocol request indicating a requested digital certificate; 

searching the database for a database record reflecting an identity of the requested digital certificate; and 

returning an indication of the database record when the database record reflecting the requested digital certificate is found to indicate validity of the requested digital certificate, whereby the indication of the database record [deleted: is returned without transmission of a certificate revocation list by the certificate authority] includes meta-data reflecting the validity of the requested digital certificate. 

22. (Original) The computer-readable medium of claim 21 , wherein the 
method further comprises the steps of: 

sending an indication of a new digital certificate from the certificate authority to 
the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of the new 
digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 
23. (Currently Amended) A computer-readable medium containing instructions for controlling a data processing system to perform a method for validating digital certificates without certification revocation lists comprising the steps of: 

receiving, from a server, an online certificate status protocol request associated with a digital certificate; 

creating a database query based on the received request; 

sending the database query to a database to determine whether the digital certificate is valid; [deleted: and] 

receiving a database query result indicating that [deleted: whether] the digital certificate [deleted: is valid] matches an entry in the database; 

providing the database query result to the server that determines that the digital certificate is valid based on the indication of the matching database entry; and 

sending, from the server to a digital certificate requesting entity, an indication that the digital certificate is valid. 



24. (Original) The computer-readable medium of claim 23, wherein the 
database query is a Lightweight Directory Access Protocol database query. 
25. (Currently Amended) A computer-readable medium containing instructions for controlling a data processing system to perform a method for validating digital certificates without certification revocation lists, the data processing system having a requesting entity that requests a status of a digital certificate from a remote computing entity, a certificate authority and [deleted: an associated] a database, the method comprising the steps of: 

receiving, by the database, a query based on an online certificate status protocol request indicating a requested digital certificate, wherein the request is generated by the remote computing entity based on a status request received from the requesting entity; 

searching the database for a database record reflecting an identity of the requested digital certificate; [deleted: and] 

returning [deleted: an] a first indication of the database record when the database record reflecting the requested digital certificate is found in the database; and [deleted: to indicate validity of the requested digital certificate] 

returning a second indication of the database record when the database record reflecting the requested digital certificate is not found in the database, 

wherein the remote computing entity determines that the digital certificate is valid when the first indication is returned and determines that the digital certificate is invalid when the second indication is returned; and 

sending, from the remote computing entity to the requesting entity, a third indication reflecting the invalidity or validity of the digital certificate. 
26. (Original) The computer-readable medium of claim 25, wherein the method further comprises the steps of: 

sending an indication of the new digital certificate from the certificate authority to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of a new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

27. (Original) The computer-readable medium of claim 25, wherein the received query is a Lightweight Directory Access Protocol query. 
28. (Currently Amended) A computer-readable medium containing instructions for controlling a data processing system to perform a method for validating digital certificates without certification revocation lists, the data processing system having a client, a server, an OCSP responder, a certificate authority, and a database storing records of valid digital certificates of the certificate authority [deleted: and a certificate authority], the method comprising the steps of: 

[deleted: sending] generating, by the client, a request [deleted: from the client] for a transaction, the request including a digital certificate identifying the client; 

receiving the client request by the server; 

creating, by the server, an online certificate status protocol request based on the associated digital certificate identifying the client; 

sending, by the server, the online certificate status protocol request [deleted: by the server] to the responder; 

receiving, by the OCSP responder, the online certificate status protocol request associated with the digital certificate; 

creating, by the responder, a Lightweight Directory Access Protocol database query based on the received online certificate status protocol request; 

sending, by the responder, the Lightweight Directory Access Protocol database query to the database to determine whether the digital certificate is valid[deleted: , the database storing records of valid certificates of the certificate authority]; 

searching the database for a database record identifying the digital certificate associated with the online certificate status protocol request; 

returning a LDAP database query result indicating whether [deleted: the digital certificate is valid] the database record is stored in the database; [deleted: and] 

sending, by the responder, a validity indication whether the digital certificate is valid based on the query result to the server; and 

sending, by the server to the client, an indication of whether the transaction is authorized based on the validity indication [deleted: receiving the returned LDAP database query result]. 
29. (Currently Amended) A data processing system for validating digital certificates, comprising: 

means for receiving an [deleted: online certificate status protocol] OCSP request associated with a digital certificate generated by a server; 

means for creating a Lightweight Directory Access Protocol database query based on the received OCSP request; 

means for sending the Lightweight Directory Access Protocol database query to a certificate database including records associated with digital certificates to determine whether the digital certificate is valid; [deleted: and] 

means for receiving a database query result indicating whether the digital certificate [deleted: is valid] matches a corresponding certificate entry stored in one of the certificate database records; 

means for determining the validity of the digital certificate based on the database query result; and 

means for notifying the server of the determined validity of the digital certificate. 